nternet of Things (IoT) in the modern healthcare environment is con tinuously growing to offer a seamless platform to monitor patients in hospitals makes our lives easier. Medical Imaging Devices (MIDs), such as Magnetic Resonance Imaging (MRI) system, are commonly connected to the hospital network, becoming increasingly vulnerable to cyberattacks such as ransomware. This paper attempts to discuss vulnerabilities in the MRI scanner that ransomware can exploit to propagate through a system. Specifically, it investigates the way mal ware find to target an MRI system. In this context, ransomware is a malware in the structure of malicious software that exploits vulnera bility in Microsoft Server Message Block 1.0 (SMBv1), which encrypts or locks the patients’ records that are stored. A discussion of the life cycle of a ransomware attack presented. More over, to figure out what the binary does, which module of code exe cutes the function, and why it comes as such designation, a turning around(reversing) WannaCry ransomware discussed. To add, an ex ploration of the attack surface by first present the network topology and then the possible vulnerabilities and attack vectors. Also, a pre sentation for Cyber-Kill-Chain(CKC) for modeling the prospective attacker’s intrusion attempts. To explore hospitals in Lebanon for possible vulnerabilities, a list of all Lebanese hospitals IPs collected and scan for all open ports related to such IPs that attackers can exploit. Also, in order to create a more accurate representation of the exposed medical devices, an extended list of keywords related to medical devices was gathered to search for online medical devices that can be highly vulnerable to a ransomware attack. The experimental results show a high number of open ports, whereas a few numbers of online medical devices. These results indicate the importance of drawing the attention of hospitals to close unneeded open ports, in addition to not placing any medical devices facing the Internet or online to avoid any cyberattacks.